Lucene search

15 matches found

Github Security Blog
added 2024/10/25 7:21 p.m., 14 views

Autolab Misconfigured Reset Password Permissions

Impact: For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords. Patches: This is fixed in v3.0.1. Workarounds: No workarounds. For more information: If you have any questions or comments about this...

CVSS 8.8, AI score 6.7, EPSS 0.00319
Exploits 0, References 4, Affected Software 1
OSV
added 2023/04/07 7:22 p.m., 27 views

GHSA-622W-995C-3C3H Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments

Impact: A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's browser when displaying the comment. Patches: The vulnerability...

CVSS 6.1, AI score 6, EPSS 0.00838
Exploits 0, References 4
OSV
added 2022/10/25 10:27 p.m., 20 views

GHSA-HHC4-47RH-CR34 Incorrect is_static parameter for custom stateful precompiles in SputnikVM (evm)

Impact: A custom stateful precompile can use the is_static parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Previously, the passed is_static parameter was incorrect -- it was only set to true if the call comes...

CVSS 5.9, AI score 6.4, EPSS 0.00244
Exploits 0, References 5
Github Security Blog
added 2022/10/05 9:26 p.m., 25 views

FlyteAdmin's Default OAuth Authorization Server secret must be rotated

Impact: Users who enable the default Flyte's authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the default configuration for Flyte Admin allows access for Flyte...

CVSS 7.5, AI score 7.4, EPSS 0.00268
Exploits 0, References 7, Affected Software 1
OSV
added 2022/08/18 6:48 p.m., 11 views

GHSA-XRC4-737V-9Q75 OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals

Impact: This issue concerns instances of Governor that use the module GovernorVotesQuorumFraction, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a proposal is passed to lower the quorum requirement, past proposals ma...

CVSS 7.5, AI score 7.4, EPSS 0.00266
Exploits 0, References 5
OSV
added 2022/06/07 9:07 p.m., 19 views

GHSA-FQX3-R75H-VC89 Improperly checked IDs on itemstacks received from the client leading to server crash in PocketMine-MP

Impact: Due to a workaround for unmapped network items implemented in 4.0.0-BETA5 8ac16345a3bc099b62c1f5cfbf3b736e621c3f76, arbitrary item IDs are able to be written into an item's NBT. The intended purpose of this is to make said unmapped network items able to be moved around the inventory withou...

CVSS 7.5, AI score 6.9
Exploits 0, References 4
OSV
added 2022/01/21 11:02 p.m., 9 views

GHSA-WJFQ-88Q2-R34J Unhandled exception when decoding form response JSON

Impact: When handling form responses from the client (ModalFormResponsePacket), the Minecraft Windows client may send weird JSON that json_decode can't understand. A workaround for this is implemented in InGamePacketHandler::stupid_json_decode. An InvalidArgumentException is thrown by this function whe...

CVSS 7.5, AI score 6.8
Exploits 0, References 4
OSV
added 2021/03/08 3:50 p.m., 10 views

GHSA-QXX8-292G-2W66 Improper Authentication

Impact: A maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. This vulnerability requires an attacker to have internal knowledge of the bot. Patches: The problem has been patched in all affected versions. Please see t...

AI score 6.8
Exploits 0, References 3
Fedora
added 2016/02/11 1:24 p.m., 24 views

[SECURITY] Fedora 23 Update: php-PHPMailer-5.2.14-1.fc23

Full Featured Email Transfer Class for PHP. PHPMailer features: Supports emails digitally signed with S/MIME encryption! Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs Works on any platform. Supports Text & HTML emails. Embedded image support. Multipart/alternative emails for mail...

CVSS 5, AI score 9.4, EPSS 0.00948
Exploits 0
Vulnerability Lab
added 2014/09/22 12:00 a.m., 21 views

SmarterTools Smarter Track 6-10 - Information Disclosure

Document Title: SmarterTools Smarter Track 6-10 - Information Disclosure. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1298. Tracking ID: 088-1B879F0C-0A22. Release Date: 2014-09-22. Vulnerability Laboratory ID (VL-ID):...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 19 views

Restaurant Listing with Online Ordering SQL Injection Vulnerability

No description provided by source. (The remainder of the excerpt is an ASCII-art banner.)

AI score 7.1
Exploits 0
Packet Storm
added 2010/06/16 12:00 a.m., 19 views

Business Classified Listing SQL Injection

Inj3ct0r ASCII-art banner: "Exploit database separated by exploit type local, remote, DoS, etc. Site: Inj3ct0r.com. Support e-mail: ..."

AI score 0.5
Exploits 0
exploitpack
added 2010/06/08 12:00 a.m., 11 views

CafeEngine 2.3 - SQL Injection

CafeEngine 2.3 - SQL Injection: CafeEngine CMS V2.3 SQLI Vulnerability, followed by the Inj3ct0r ASCII-art banner...

AI score 0.1
Exploits 0
Atlassian
added 2010/04/22 1:19 a.m., 14 views

Mail support request accepts any e-mail address

The SupportUtility allows the user to enter an arbitrary e-mail address to send a copy of the e-mail to. This issue removes the option for users to enter an e-mail address to CC. This issue also introduces a flag that prevents the TO address from being changed through the web interface. By defaul...

AI score 0.2
Exploits 0
Packet Storm
added 2006/01/25 12:00 a.m., 43 views

icq-xss.txt

Title: ICQ Cross Site Scripting. Author: Simo Ben youssef aka 6mOHaCk. Date: 10 January 2006. MorX Security Research Team, http://www.morx.org. Service: Web/Chat. Vendor: ICQ.com. Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks. Severity: Medium/High. Tested on: Microsoft IE 6.0 and...

AI score 7.4
Exploits 0